I wrote a 2-line change to the filter.py so that the logs show an
additional bit of information:

    2022-08-18 07:05:58,415 fail2ban.filter [12689]: INFO [plesk-wordpress] Found 51.195.148.190 - 2022-08-18 07:05:58 Tries: 1
    2022-08-18 07:05:58,416 fail2ban.filter [12689]: INFO [plesk-wordpress] Found 51.195.148.190 - 2022-08-18 07:05:58 Tries: 2
    2022-08-18 07:06:16,666 fail2ban.filter [12689]: INFO [plesk-wordpress] Found 151.106.41.64 - 2022-08-18 07:06:16 Tries: 1
    2022-08-18 07:06:16,666 fail2ban.filter [12689]: INFO [plesk-wordpress] Found 151.106.41.64 - 2022-08-18 07:06:16 Tries: 2

The "Tries:" field is new and contains the current attempts counter for
that IP. This, in turn, allowed me to write a tool to find the worst
offenders of the day (I wrote it in ooRexx because I'm an old timer) and
block their IPs permanently. I'd be happy to share that code as well.

The change is around line 694 in server/filter.py. Move attempts above
logSys.info, and then add a new field to the parameters of the
logSys.info basically.

    tick = FailTicket(ip, unixTime, data=fail)
    if self._inIgnoreIPList(ip, tick):
        continue
    # moved above logSys.info so the counter is available for the log line
    attempts = self.failManager.addFailure(tick)
    logSys.info(
        # "Tries: %s" and the attempts argument are the new field
        "[%s] Found %s - %s Tries: %s", self.jailName, ip, MyTime.time2str(unixTime), attempts
    )
    # avoid RC on busy filter (too many failures) - if attempts for IP/ID reached maxretry,

Regards,
Turgut Kalfaoglu
Izmir/Turkey
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
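
An added example, not the author's ooRexx tool and not part of fail2ban: one way to rank a day's worst offenders from log lines that carry the new "Tries:" field. It assumes each entry sits on one line in the log file; the function name worst_offenders, the last three sample lines and the choice to skip non-public addresses are assumptions of this sketch.

```python
import ipaddress
import re
from collections import defaultdict

# "Found" line as emitted after the change described in the message above.
FOUND_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \S+\s+fail2ban\.filter\s+\[\d+\]:\s+INFO\s+"
    r"\[(?P<jail>[^\]]+)\]\s+Found\s+(?P<ip>\S+)\s+-\s+\S+\s+\S+\s+"
    r"Tries:\s+(?P<tries>\d+)\s*$"
)

# First four lines are from the message; the last three are constructed.
SAMPLE_LOG = """\
2022-08-18 07:05:58,415 fail2ban.filter [12689]: INFO [plesk-wordpress] Found 51.195.148.190 - 2022-08-18 07:05:58 Tries: 1
2022-08-18 07:05:58,416 fail2ban.filter [12689]: INFO [plesk-wordpress] Found 51.195.148.190 - 2022-08-18 07:05:58 Tries: 2
2022-08-18 07:06:16,666 fail2ban.filter [12689]: INFO [plesk-wordpress] Found 151.106.41.64 - 2022-08-18 07:06:16 Tries: 1
2022-08-18 07:06:16,666 fail2ban.filter [12689]: INFO [plesk-wordpress] Found 151.106.41.64 - 2022-08-18 07:06:16 Tries: 2
2022-08-18 07:06:20,101 fail2ban.filter [12689]: INFO [plesk-wordpress] Found 51.195.148.190 - 2022-08-18 07:06:20 Tries: 3
2022-08-18 07:07:01,000 fail2ban.filter [12689]: INFO [plesk-wordpress] Found 192.168.1.10 - 2022-08-18 07:07:01 Tries: 5
2022-08-19 00:00:03,000 fail2ban.filter [12689]: INFO [plesk-wordpress] Found 151.106.41.64 - 2022-08-19 00:00:03 Tries: 4
""".splitlines()


def worst_offenders(lines, day, min_tries=1):
    """Return [(ip, peak_tries, found_events)] for `day`, worst first."""
    peak = defaultdict(int)
    events = defaultdict(int)
    for line in lines:
        m = FOUND_RE.match(line)
        if not m or m.group("day") != day:
            continue  # other days, other loggers, lines without "Tries:"
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not an IP literal: never pass it on to a block list
        if not addr.is_global:
            continue  # assumption: never list private/loopback addresses
        ip = str(addr)
        events[ip] += 1
        peak[ip] = max(peak[ip], int(m.group("tries")))
    ranked = [(ip, peak[ip], events[ip]) for ip in peak if peak[ip] >= min_tries]
    return sorted(ranked, key=lambda r: (-r[1], -r[2], r[0]))


if __name__ == "__main__":
    for ip, tries, events in worst_offenders(SAMPLE_LOG, "2022-08-18"):
        print(f"{ip:<16} peak tries={tries} found events={events}")
```

The peak is used rather than the last value because the counter can start over for an address during the day.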